Protecting sensitive and proprietary information is the responsibility of everyone within an organization. It is no longer a question of "if" but of "when" you will face a data security incident. Will you be ready?
Infiniti Systems Group offers a complete line of security services to help our clients develop, implement and maintain effective security awareness programs. We have developed an Information Security practice that is time-tested and client-specific. We focus on the following areas:
Network Security and Vulnerability Assessment:
We audit the effectiveness of the security measures and technology employed by the enterprise to ensure compliance with regulatory, industry and ISO 17799 standards; and report the business and technical vulnerabilities that may pose a risk to the information assets of the organization.
Network Penetration Testing:
Using automated tools that scan a predetermined range of IP addresses and perform over 400 tests aimed at identifying known vulnerabilities in UNIX, Windows and TCP/IP-based network systems, we help our clients harden their network arteries by implementing network access controls, firewalls, router filters, and virus prevention and detection software services.
ISG security experts will perform both manual (e.g., default or trivial passwords) and automated (e.g., brute force password) attacks to gain access to client systems. We will help select and implement intrusion detection and reporting software and procedures, including real-time monitoring and 24/7 incident response and reporting.
Security Policies and Procedures (ISO 17799 compliant):
A corporate security policy defines what actions are authorized. The policy must be set forth by management and have consequences for failure to comply. ISG’s team of security experts will evaluate and document all applicable security policies, standards and procedures, and provide recommendations with a focus on the ISO 17799 standard.
Security Awareness Training:
Recognizing that security is a business enabler, ISG will create an ongoing corporate security awareness training program which will address all facets of the organization and focus on people, processes and technology.
PCI Compliance Review:
The Payment Card Industry Data Security Standard (PCI DSS) applies to every organization that processes credit or debit card information, including merchants and third-party service providers that store, process or transmit credit card/debit card data. According to the PCI DSS documentation, "PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply." By the end of 2007, any organization that accepts payment card transactions must be in compliance with the standards.
· Examine the current process to ensure confidentiality, reliability and security.
· Evaluate and test the current state of these business functional areas by analyzing the network for application, system and network vulnerabilities.
· Evaluate sound business processes, security related administrative and procedural controls, along with current supporting vendors.
· Perform vulnerability testing on core data architecture including but not limited to servers, routers, switches, certificates, etc. to ensure complete confidentiality of this data.
· Confirm and test the integrity of transmissions and batch processes to each selected merchant.
· Ensure that the process exceeds the requirements of the client's overall security policies and procedures and meets PCI DSS recommendations.
· Ensure proper documentation is created, accurate and available relative to these processes.